CVE-2024-12853 – WordPress Modula Image Gallery Remote File Upload Vulnerability

1月 8, 2025
11:16 am

CVE ID : CVE-2024-12853

Published : Jan. 8, 2025, 10:15 a.m. | 1 hour, 1 minute ago

Description : The Modula Image Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the zip upload functionality in all versions up to, and including, 2.11.10. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site’s server which may make remote code execution possible.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2024-12853 – WordPress Modula Image Gallery Remote File Upload Vulnerability

Elvescore.io

Recent Posts

CVE-2025-21102 – Dell VxRail Plaintext Storage of a Password Vulnerability

CVE-2024-11423 – WooCommerce Gift Cards Advanced Coupons Unauthorized Data Modification

CVE-2024-11830 – DearFlip for WordPress Stored Cross-Site Scripting Vulnerability

CVE-2024-12337 – Planzer Shipping via WooCommerce Reflected Cross-Site Scripting

CVE-2024-12712 – BigCommerce Unauthenticated Order Status Modification Vulnerability